Lucene search
+L

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/10/09 11:0 a.m.54 views

Security Bulletin: Vulnerability in Spring Session affects IBM Process Mining . CVE-2023-20866

Summary There is a vulnerability in Spring Session that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-20866...

6.5CVSS6.2AI score0.0066EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2023/05/04 7:21 p.m.28 views

CVE-2023-20866

A flaw was found in Spring Session. If using HeaderHttpSessionIdResolver, the session id can be logged to the standard output stream. This may log sensitive information and could be used by an attacker for session hijacking...

6.5CVSS6AI score0.0066EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/04/13 9:30 p.m.5 views

cn.herodotus.engine:access-sdk-all (>=3.0.1.0 <=3.0.4.2), cn.herodotus.engine:access-sdk-justauth (>=3.0.1.0 <=3.0.4.2) +85 more potentially affected by CVE-2023-20866 via org.springframework.session:spring-session-core (=3.0.0)

org.springframework.session:spring-session-core MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.session:spring-session-core and may be impacted: - cn.herodotus.engine:access-sdk-all =3.0.1.0, =3.0.1.0, =3.0.1.0,...

6.5CVSS6.5AI score0.0066EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/04/13 12:0 a.m.8 views

CVE-2023-20866

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...

6.4AI score0.0066EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/13 12:0 a.m.37 views

CVE-2023-20866

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...

6.5AI score0.0066EPSS
Exploits0References1
CVE
CVE
added 2023/04/13 12:0 a.m.64 views

CVE-2023-20866

CVE-2023-20866 affects Spring Session 3.0.0, where the session ID can be logged to standard output when using HeaderHttpSessionIdResolver. This leaks sensitive information from logs and can enable session hijacking. The NVD/CVSS data indicates a base score of 6.5 (MEDIUM) with high confidentialit...

6.5CVSS6.2AI score0.0066EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder